AIDE/Tripwire

Harnish, Joe jharnish at ci.grand-rapids.mi.us
Wed Aug 13 13:35:26 UTC 2003


Actually it would probably be a good idea to rework the database a little
bit so you can have "Version Control" embedded into it.  The version control
would log who installed the RPM (if using sudo to install), when the package
was installed and its old information.

-----Original Message-----
From: Mr. Adam ALLEN [mailto:adam at dynamicinteraction.co.uk] 
Sent: Wednesday, August 13, 2003 9:12 AM
To: rhl-beta-list at redhat.com
Subject: Re: AIDE/Tripwire


On Wed, 2003-08-13 at 13:13, Leonard den Ottolander wrote:
> Hi Tommy,
> 
> > Maybe just setup a magic policy directory (ala /etc/tripwire.d ) .. 
> > that each RPM can drop its "specs" into and have the policy 
> > generated automatically or something..
> 
 
I think it's dangerous to automatically rebuild the database, but something
like: 

 - get the rpm to dump into /etc/tripwire.d
 - alert the user that they should run something like (or aide)
	tripwire --rebuild --parse-specs
 - it would probably be a safe idea to have RH sign the spec file, with the
same key used to sign the RPM, and then only process files out of
/etc/tripwire.d whose digital signatures can be verified. Users
might trust the /etc/tripwire.d contents too much, which is why I think this
step might be necessary.

Need to be really careful that my rpm doesn't drop in a new /etc/passwd.
Since the specfile would list /etc/passwd as a file, would this instruct
tripwire to re-calculate the checksums on /etc/passwd (which may have all
the accounts deleted)?

Just some quick, not-really-thought-through pitfalls that might exist.


-- 
Regards,
Adam Allen.

adam at dynamicinteraction.co.uk
pgp
http://search.keyserver.net:11371/pks/lookup?op=vindex&search=adam%40dynamicinteraction.co.uk
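The signed-fragment scheme sketched above (packages drop specs into /etc/tripwire.d, only fragments whose signature verifies get processed, and a fragment must never be allowed to re-baseline /etc/passwd), as an added Python example; this is not code from the thread, AIDE, Tripwire or Red Hat. The NAME.conf / NAME.conf.sig layout, the PROTECTED path set and the gpg invocation are assumptions.

```python
"""Added example: merge signed policy fragments from /etc/tripwire.d.

Assumed layout (not from AIDE/Tripwire): each fragment NAME.conf carries a
detached signature NAME.conf.sig made with the RPM signing key.  Unverified
fragments are skipped; fragments covering protected paths are rejected
instead of being re-baselined (the /etc/passwd pitfall)."""
import subprocess
from pathlib import Path
from typing import Callable, List, Tuple

# Assumed list of paths a package fragment must never redefine.
PROTECTED = {"/etc/passwd", "/etc/shadow", "/etc/group", "/etc/sudoers"}

Verifier = Callable[[Path, Path], bool]


def gpg_verify(fragment: Path, sig: Path) -> bool:
    """Check a detached signature with the system gpg; the signing key must
    already be in the keyring the checker runs under."""
    proc = subprocess.run(["gpg", "--verify", str(sig), str(fragment)],
                          capture_output=True)
    return proc.returncode == 0


def parse_fragment(text: str) -> List[Tuple[str, str]]:
    """Parse AIDE-style 'path  rule' lines; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            path, _, rule = line.partition(" ")
            rules.append((path, rule.strip()))
    return rules


def merge_policy(spec_dir: Path, verify: Verifier = gpg_verify) -> dict:
    """Return {'rules': {path: rule}, 'skipped': [...], 'rejected': [...]}."""
    result = {"rules": {}, "skipped": [], "rejected": []}
    for frag in sorted(spec_dir.glob("*.conf")):
        sig = frag.with_name(frag.name + ".sig")
        if not sig.exists() or not verify(frag, sig):
            result["skipped"].append(frag.name)   # unsigned or bad signature
            continue
        rules = parse_fragment(frag.read_text())
        if any(path in PROTECTED for path, _ in rules):
            result["rejected"].append(frag.name)  # would re-baseline /etc/passwd
            continue
        result["rules"].update(rules)
    return result
```

The merged rules are what you would feed to the manual rebuild step; the skipped and rejected lists are what the alert to the user should show.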
